From kde Mon Aug 16 07:18:45 2010 From: Duncan <1i5t5.duncan () cox ! net> Date: Mon, 16 Aug 2010 07:18:45 +0000 To: kde Subject: Re: [kde] Printing and cups: KDE removes filter entrys! Message-Id: X-MARC-Message: https://marc.info/?l=kde&m=128194317720091 Wilhelm posted on Sun, 15 Aug 2010 16:05:51 +0000 as excerpted: > we are using cupsd / smbspool for printing to printers hosted on a > remote windows printserver. Therefore the cups-clients need to to the > filtering local. So I setup the local printers.conf to include the > nessesary filter definitions. Up to this point all is well and printing > works. > > The problem seems to be the KDE printer-mgr. If someone logs into the > client using a KDE session, the kde startup procedure somehow removes > the filter entrys from printers.conf and then I have printers.conf > (modified, without the filter definitions) and printers.conf.0 (the > previous working one). > > If I set cupsd to LogLevel debug, it says that it is modifying > printers.conf. > > So, the question is: how do I prevent KDE from sending modifying > requests to cupsd or how do I refuse those modifications ? Note that I don't have a printer ATM, and even if I did, it'd very likely be local printing only... As such, I don't know much about printing in kde4. That said... there's a few more generic possibilities you may be able to activate, depending on your installation. This list is arguably in reverse order of likelihood to work... that's just the order I thought of them. 1) If you're running SELinux, you can setup the cupsd SELinux security policy so it isn't allowed to write to printers.conf, only read it. (The same may well be possible with app-armor and tomoko (sp?), I'm not sure.) Since Fedora ships with SELinux active by default, if that's what you're using, it should be a rather minor change. 2) If you're running ext2/3/4, consider setting the printers.conf file immutable. As with the printer disclaimer above, I should mention that I run reiserfs myself (and likely will until btrfs loses its dev status and seems reasonably stable for a kernel or two), and thus haven't actually ever had occasion to use ext2/3/4's immutable attribute (viewable with lsattr, settable with chattr, see the manpages), but it or possibly append-only sounds like it'd fit the bill to me. =:^) 3) This one I KNOW should work as I actually use it for various purposes (chroots, etc) myself. Take a look at the mount --bind option, for remounting part of a filesystem (may be a single file) elsewhere. The idea is to remount either that dir, or just that file, as read-only. The catch is that you can't change the mount options with mount --bind itself -- it inherits the mount options of the original filesystem. However, you CAN do the mount --bind, then do a remount -o remount,ro. Again, see the manpage, this time for mount, in particular, the bind mounts section. If the filesystem (even if it consists of a single bind-mount file) is mounted read-only, neither cupsd nor anything else is going to write anything on it using access to that mountpoint! =:^) Of course, assuming the file is stored elsewhere on the original filesystem, so the mount -- bind isn't directly over top of itself, you can still modify it if desired using the original location. But the point is, cupsd won't be accessing it using that path, but rather, the bind-mount path, which is read-only, so it will be unable to modify the file! I'm quite sure there's actually a way to get kde to quit telling cupsd to mess with it, but as I said, I don't have a printer ATM (and haven't had since quite some time back in the kde3 era), so I don't happen to know the specifics of that. But I DO know how to force a file to read-only if I need to, using bind-mounts. As no one else seems to have answered so far... well, you know at least one way to make it work, now, even if it's rather like using a cannon to kill a fly. I've actually used it and know it does work. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman ___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.